IMHO, the real question with respect to releasing / not releasing 0-day
is if it has been used in the wild.
If the frsirt found out that the exploit was already circulating in the
underground, and used to exploit MSIE users, they should release the
information to the public regardless of a patch. Now releasing an
exploit that gives you a remote shell may be too much.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
Url : http://www.dshield.org/pipermail/list/attachments/20050818/3c1c00c8/signature.bin